Defenses against malware will soon appear on hardware chips

It’s conceivable that PC hardware creators are just as frustrated with the ongoing effects of hackers as users and software makers are. Intel decided to do something about it.

The company recently announced that it plans to thwart hackers by baking anti-malware defenses directly into its CPUs. This new design is intended to stop software exploits that deploy malware onto vulnerable computers.

Intel is doing this by adding Control-Flow Enforcement Technology (CET), which was jointly developed by Intel and Microsoft, to its CPUs. CET works by changing the way that processors execute instructions from web and PC applications.

CET is designed to thwart return-oriented programming (ROP), which is a technique hackers use to bypass anti-exploit measures that were introduced by software developers about 10 years ago.

ROP attacks repurpose functions that applications or operating system routines have placed into the region of memory known as the Stack.

With CET, a new stack called the Control Stack is created. This new stack can’t be modified by attackers and doesn’t store any data at all. What it does store are the return addresses of what is already in the Stack.

Due to this, even if an attacker has managed to corrupt a return address in the Stack, the Control Stack retains the correct return address.

The processor can then detect a difference between the return address in the Stack and the one in the Control Stack, and halt execution of the affected process.
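The check described above, as an added example in C (not code from Intel, Microsoft or the original article): a software model in which a call records the return address on both stacks and a return compares the two copies. The type and function names and the addresses are made up for illustration; real CET performs this inside the processor.

```c
#include <stdint.h>
#include <stdio.h>

#define DEPTH 16
enum { RET_OK = 0, RET_FAULT = 1, RET_EMPTY = 2 };

/* Software model only: real CET does this in the processor, and ordinary
   memory writes cannot reach the Control Stack. */
typedef struct {
    uint64_t stack[DEPTH];    /* normal Stack: writable by program bugs */
    uint64_t control[DEPTH];  /* Control Stack: return addresses only */
    int sp, csp;              /* entries currently on each stack */
} cpu_t;

/* CALL: the return address is recorded on both stacks. */
static int cpu_call(cpu_t *c, uint64_t ret) {
    if (c->sp == DEPTH || c->csp == DEPTH) return -1;
    c->stack[c->sp++] = ret;
    c->control[c->csp++] = ret;
    return 0;
}

/* RET: pop both copies; a mismatch halts instead of jumping. */
static int cpu_ret(cpu_t *c, uint64_t *target) {
    if (c->sp == 0 || c->csp == 0) return RET_EMPTY;
    uint64_t a = c->stack[--c->sp], b = c->control[--c->csp];
    if (a != b) return RET_FAULT;
    *target = a;
    return RET_OK;
}

/* Make `depth` nested calls, overwrite the saved return address of frame
   `bad` on the normal Stack (-1 = none), then unwind. Returns how many
   returns completed before the first fault. Addresses are constructed. */
int returns_completed(int depth, int bad) {
    cpu_t c = {0};
    uint64_t target = 0;
    int done = 0;
    for (int i = 0; i < depth; i++) cpu_call(&c, 0x401000u + 0x10u * i);
    if (bad >= 0 && bad < c.sp) c.stack[bad] = 0x41414141u; /* simulated corruption */
    while (cpu_ret(&c, &target) == RET_OK) done++;
    return done;
}

int main(void) {
    printf("clean chain of 4: %d returns\n", returns_completed(4, -1));
    printf("frame 1 corrupted: %d returns\n", returns_completed(4, 1));
    return 0;
}
```

Returns from frames above the corrupted one still complete; execution stops at the first return whose two copies disagree.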

Thankfully, protection against ROP isn’t all that CET provides; the technology also protects against multiple additional hacking techniques.

Control-Flow Enforcement Technology isn’t news for Intel, which first published about the implementation of CET in 2016, but its Tiger Lake CPU microarchitecture will be the first to include it.

Once Intel makes CET CPUs available, the protection will work only when the processor is running an operating system with the necessary support.

Windows 10 Version 2004 currently provides that support, but it is unknown at this time whether any other operating systems do.

Intel has not yet announced the date that Tiger Lake CPUs will be released.

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648